Top EU Court Says Websites Liable For Facebook ‘Like’ Button Data

Websites using Facebook’s “Like” button are liable for the user data they pass along to Facebook under European law, according to the EU’s highest court.

The judgement by the EU Court of Justice involves Fashion ID, a German online retailer that was accused of violating EU law by its use of the embedded Like plugin.

A German consumer body said the use of the plugin broke data protection laws as it was collecting information on the site’s users.

A German court sought guidance, and ECJ judges have now said that websites share joint responsibility for the data with Facebook, with both being a “data controller”.


Data liability

EU data protection laws define a data controller as a party that determines why personal data is collected and processed, while a data processor typically processes the information on behalf of the controller and is generally a third party.

“The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website,” the ECJ said.

The court noted that the retailer benefited commercially from the Like button as it made its products more visible on Facebook.

But it said the retailer is not responsible for the way Facebook processes the data.

Facebook said the ruling, which can’t be appealed, provides clarity on the issue.

“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law,” said Facebook associate general counsel Jack Gilbert in a statement.

GDPR rules

The case predates the introduction of the GDPR last year, but the decision remains relevant under the new rules, industry watchers said.

It raises significant questions for third-party websites, potentially exposing them to liability involving their use of social media plugins to collect user data.

Belgium’s data protection regulator said last year that a decision giving sites joint responsibility for data could have “serious repercussions” for the third-party sites.

Nils Rauer, a partner at law firm Pinsent Masons, said the ruling would be likely to make sites more cautious about embedding plugins, although he said they are likely to remain popular.

“Presumably, they will pay more attention to the embedding process, by way of obtaining dedicated data privacy advice,” Rauer told Reuters.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Cryptocurrency Warning From Bank Of England Governor

Blunt message from Bank of England governor Andrew Bailey, warning people only to buy cryptocurrency…

20 hours ago

Jeff Bezos Offloads $2 Billion In Amazon Shares

Needs some spending money...Amazon CEO Jeff Bezos has this week sold nearly $2 billion worth…

20 hours ago

Twitter Suspends Account Sharing Trump Posts

Shutdown again. An account has been suspended by Twitter for sharing the posts from Donald…

22 hours ago

IBM Claims Breakthrough With 2 Nanometer Chip

Research boffins at IBM are touting a major leap forward in performance and energy efficiency…

2 days ago

Twitter Now Prompts Users To Revise ‘Harmful Replies’

Trolls beware. Twitter releases feature that will deliver a 'reconsider prompt' for users, if they…

2 days ago

Old Routers Pose Security Risk, Warns Which?

Elderly routers that can no longer receive firmware updates posed security risk to millions of…

2 days ago